I was recently looking over the Twitter help pages for something and came across one relating to “Help with Google search visibility“. Cutting a long story short, due to the high ranking of Twitter with Google, all public pages on Twitter are indexed on a regular basis by the Google search engine. This includes all your public Tweets.
I did a bit more research and ran a google search using our own Twitter handle (@jmbussec). I found a number of references to tweets (and retweets) we had put out. In addition, I found a number of third party sites that were re-publishing our tweets, namely:
There are probably a lot more. The above sites seem to use the Twitter API’s to extract tweets and then either cache them or recover them each time. I need to do a bit more research.
However, just looking at Google they do index tweets and they can persist in their search results even after you delete the tweet. If you follow the link to a deleted tweet, it will often fail to display the tweet. However there is sufficient text in the search results to provide you with enough information about it. I even found a tweet I sent out relating to the BBC iPlayer on Down Detector which I was totally unaware of.
I am not bothered whether or not Google (or any other search engine for that matter) indexes tweets from our Twitter account. However, in the situation where someone might tweet something and then later regrets doing it and deletes it, if Google has already cached the Tweet then the comment is still available until Google tries to refresh its cache, which can be months/years later. I have already seen this on another account.
If you make your tweets on Twitter private, then anything you send from that point on is not available to be indexed by Google. However, if you subsequently make your tweets open to the public, even the ones you sent privately, they are then available to be indexed by Google.
NB: Not entirely sure why I was surprised by this, but there you.
As a general principle, anything you post on the internet, whether private or public, is retained forever somewhere. If this could be subsequently embarrassing, and even if you delete it from the source, it can still exist in a cache somewhere. This is over and above what the NSA and GCHQ are permanently caching (re: the Edward Snowden disclosures – I recommend everyone to read his recent Autobiography).
The general guidance is:
- Never post in haste (the old saying “Act In Haste, Repent At Leisure” is very relevant here)
- If you want things to be private, make sure (at least on twitter) that your posts are not made public by using the appropriate privacy settings
- If something does get away from you, then you can always ask Google to remove it from their search results, but the process is somewhat long winded and they can always refuse
- Never post private/personally identifiable information (e.g. email address, phone number, home/work address) and if you do make sure this information is not disclosed publicly.
This post refers directly to Twitter, but I fully expect to find the same issue for Facebook, Instagram, LinkedIn and all the other social networks. This also refers to Google, but is equally relevant to any of the other search engines (e.g. Bing, DuckDuckGo).
I advise everyone to regularly review their privacy settings on their social media accounts, especially Twitter and Facebook, to ensure things you don’t want to be made public are kept private. Better still, keep private/potentially embarrassing media away from the internet. There have been too many disclosures of embarrassing pictures sourced from celebrity accounts not to notice this as a risk. This could be used in subsequent social engineering attacks, blackmail, frauds, etc.